Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
Running head: CRYPTOGRAPHY 1
Cryptography: Mathematical Advancements on Cyber Security
Kristin Bower
A Senior Thesis submitted in partial fulfillment
of the requirements for graduation
in the Honors Program
Liberty University
Spring 2019
CRYPTOGRAPHY 2
Acceptance of Senior Honors Thesis
This Senior Honors Thesis is accepted in partial
fulfillment of the requirements for graduation from the
Honors Program of Liberty University.
______________________________
Scott Long, Ph.D.
Thesis Chair
______________________________
Daniel Joseph, Ph.D.
Committee Member
______________________________
Melesa Poole, Ph.D.
Committee Member
______________________________
Mark Ray Schmidt, Ph.D.
Assistant Honors Director
______________________________
Date
CRYPTOGRAPHY 3
Abstract
The origin of cryptography, the study of encoding and decoding messages, dates back to
ancient times around 1900 BC. The ancient Egyptians enlisted the use of basic encryption
techniques to conceal personal information. Eventually, the realm of cryptography grew
to include the concealment of more important information, and cryptography quickly
became the backbone of cyber security. Many companies today use encryption to protect
online data, and the government even uses encryption to conceal confidential
information. Mathematics played a huge role in advancing the methods of cryptography.
By looking at the math behind the most basic methods to the newest methods of
cryptography, one can learn how cryptography has advanced and will continue to
advance.
CRYPTOGRAPHY 4
Cryptography: Mathematical Advancements on Cyber Security
How does the government keep its secrets from prying eyes? How do companies
who promise to keep their customers’ personal information safe actually protect that
information? In most cases, the answer is cryptography, the study of encoding and
decoding information. Starting with rudimentary beginnings, cryptography evolved to
include complex mathematical techniques. As mathematicians discovered new aspects of
prime numbers and functions with unique properties, the government updated the
standard practice for encoding and decoding information in order to keep up with the
growing field of mathematics. Still today, researchers seek for new methods to add to
cryptography, and as mathematics continues to advance so will the area of cyber security.
History of Cryptography
Cryptography, the study of encryption and decryption, stems from the basic desire
for privacy. The most basic examples of the encryption and decryption process, though
rudimentary compared to modern methods, involve the concept of sending information to
a location without interception from an unintended source. The first known instance of
cryptography occurred around 1900 BC in ancient Egypt. The tomb of Khnumhotep II,
an Egyptian nobleman, contains several hieroglyphic symbols. However, the last sections
of the hieroglyphics include abnormal symbols replacing the usual symbols (Dooley,
2018). The unusual symbols obscure the meaning of the hieroglyphics by simply
switching commonly used symbols with unknown symbols. Though simple in nature, the
act of switching symbols to conceal a message is a basic form of encryption. Nonetheless,
one cannot determine with absolute certainty why Khnumhotep II hides the true meaning
of the inscriptions, so the reasoning behind the ambiguity remains unclear.
CRYPTOGRAPHY 5
Assyrian merchants during 1500 BC introduced the idea of using intaglios for
business transactions. An intaglio, an engraved figure in a stone or other hard material,
allowed the merchants to create a unique signature, which ensures that trading occurs
with the intended merchant (Dooley, 2018). The idea of using a unique signature foretells
the idea of digital signatures, a more mathematically complex way to ensure the
authenticity of a transaction.
Meanwhile, during the 7th century BC, a Greek poet named Archilochus
introduced the skytale, a cryptographic device consisting of a cylinder with a leather strip
(Dooley, 2018). Suppose the skytale allows for four letters written around the cylinder
and six letters written along the side, then skytale encrypts messages as follows:
Step 1. Create the message: “Send help as soon as possible”
Step 2. Write message along the side of the cylinder like the example below.
Step 3. Unwrap the leather strips to obtain the new encrypted message: “
slosepnsnaaidssbhspleooe ”
Notice: In order to decrypt the message, one must simply rewrap the leather strip
around the cylinder and read along the side. This method obviously presents several
limitations regarding the length of the original message and the ease of deciphering the
encrypted message but proves effective for the time period of the skytale’s use.
One of the most famous examples of early cryptography, the Caesar cipher,
emerged around 100 BC. Julius Caesar developed a shift cipher known as the Caesar
CRYPTOGRAPHY 6
cipher in order to protect confidential military information (Dooley, 2018). The cipher
takes the letters used in the message and shifts each letter of over three to the left, or 23 to
the right, according to the order of the alphabet. For example, if one wants to encrypt the
message “WE LEAVE AT SUNDOWN”, then by using the Caesar, he obtains the
following:
Original Message: WE LEAVE AT SUNDOWN
Encrypted Message: TB IBXSB XQ PRKALTK
Innovations to Cryptography
The ancient examples of cryptography certainly paved the way for more advanced
cryptographical techniques; however, several basic developments still needed
improvement. Even though the encryption techniques introduced thus far concealed
information, one could easily decrypt the message without much effort. In order to
further protect hidden messages, cryptographic techniques needed more complexity.
Leon Battista Alberti, an Italian Renaissance man, created the first polyalphabetic
cipher, known as the Alberti cipher, around 1467. The Alberti cipher involves two
concentric disks, one larger and one smaller, each divided into 24 sections. The stationary
larger disk contains the uppercase letters of the Latin alphabet, which consists of the
English alphabet minus J, U and W. In addition, Alberti also took out the letters H, K and
Y as he personally regarded them unnecessary, and he added the numbers 1 through 4 to
the outer disk, as well. The inner disk consists of the lowercase letters of the Latin
alphabet, which also disregards j, u and w from the English alphabet, and also contains
the symbol et, which most likely carries the meaning of the ‘&’ symbol (Dooley, 2018).
CRYPTOGRAPHY 7
In order to encode a message, one must simply rotate the inner disk and replace the letter
or number on the outer disk with the letter directly underneath on the inner disk.
As encryption and decryption techniques advanced, these methods began to
spread, especially with the invention of the printing press. Johannes Trithemius published
posthumously the first printed work on cryptography in 1518. His work entitled
Polygraphia is a composition of five books (Dooley, 2018). The books contain ancient
alphabets, invented alphabets, and examples of encoding messages. The printing of
cryptographical works allowed encryption and decryption techniques to spread farther
than ever before.
As the interest in creating cryptosystems grew, the interest in defeating
cryptosystems also emerged. Thus, the birth of cryptanalysis, the science of breaking
cryptographic algorithms, occurred during the 19th century. Edgar Allen Poe, the famous
American poet, showcased his skills in a Pennsylvania paper by solving submitted
ciphers. Poe’s efforts to break encryptions spread the interest of cracking encryption
techniques for entertainment. However, the increased interest in cryptanalysis pushed the
need for stronger encryption techniques (Dooley, 2018).
Eventually, governments also began to pay attention to cryptanalysis. During
World War I, the cryptanalysis section of the British Naval Intelligence decrypted about
15,000 German messages. This allowed the British Navy to play an important role in
defeating Germany during WWI. The realm of cryptography, now not only involved
methods for hiding important messages, but also involved the practice of breaking
encrypted messages. The ability to decrypt encoded messages allows one to gain an
advantage over enemies without their knowledge (Budiansky, 2016).
CRYPTOGRAPHY 8
Modern Advancements
As the interest in cryptography grew, the need for more complex methods also
arose. Thus, cryptographers sought to incorporate more difficult mathematical tactics in
order to protect their encryption techniques from adversaries (Middleton, 2017).
Whitfield Diffie and Martin Hellman, two prominent cryptographers of the 20th century,
incorporated the use of prime numbers into their encryption method, utilizing the
difficulty of factoring large prime numbers (Mollin, 2003). Diffie and Hellman created a
method to exchange keys, vital information used in encoding and decoding, called the
Diffie-Hellman key exchange. Essentially, the Diffie-Hellman key exchange involves the
use of a public key, which is a prime number known by the general public, a nonzero
integer agreed upon by the two parties exchanging information, and a unique secret key
for each of the two parties. Surprisingly, when using the Diffie-Hellman key exchange,
each party does not need to know the secret key of the other party in order perform the
required calculations. The specifications of the key exchange will be discussed later in
detail.
The 20th century also introduced the first commercially established cipher, known
by the name Lucifer. With the formation of the National Security Agency (NSA) during
1952, the American government began to search for more ways to ensure the protection
of domestic information (Yan, 2008). Several workers of the IBM, or International
Business Machines Corporation, created Lucifer and submitted the cipher to the NSA as a
possibility for the Data Encryption Standard (DES). After acceptance from the NSA,
Lucifer served as the basis for the DES, which became the government standard for
encryption (Yan, 2008).
CRYPTOGRAPHY 9
Although the discovery of a special curve, known as the elliptic curve, dates back
to the 18th century, the widespread implementation of elliptic curves into cryptography
did not occur until the beginning of the 21st century. The unique properties of addition
over an elliptic curve add important applications to cryptography. Elliptic curve
cryptography also enables more security with a smaller key size than the Diffie-Hellman
key exchange (Washington, 2003). The process of elliptic curve addition seems simple to
compute, however given large enough prime numbers the process becomes increasingly
more difficult. The NSA even accepted the use of elliptic curve cryptography as a
national standard for the encryption of information. However, the NSA announced the
plan to replace the use of elliptic curve cryptography with a newer cipher in 2015 due to
the impending threat of quantum computing (National Security Agency, 2015).
The Future of Cryptography
The unpredictability of the quantum realm makes the idea of quantum
cryptography a virtually unbreachable option for encoding important information. The
beauty of encoded data within a quantum state is that the moment an outside force tries to
intercept or read the encoded data, the data itself changes. Thus, eavesdropping is easily
detected the moment of occurrence. Quantum cryptography involves the use of photons
and a photon detector. Once the photon contains the hidden message, the photon detector
uses the random rotations of the polarization of the photon to transfer the message into
bits (Horodecki, 2010).
Since quantum cryptography is practically safe from any interference, it seems
completely infallible; yet, several complications make it hard to implement. One problem
with quantum cryptography is the short distance limitation for sending the data. An
CRYPTOGRAPHY 10
important aspect of quantum cryptography is the entanglement of photons, the idea that
two photons are linked even though there is no physical attachment between the two
photons (Horodecki, 2010). However, entanglement can only occur over a relatively short
distance. In 2017, scientists in China created a new record for the longest distance for
successfully transmitting entangled photons, 1203 kilometers, or approximately 760
miles (Chen, 2017). This distance is an incredible breakthrough, but room for major
improvement still exists.
Another area of concern with quantum cryptography is cost. For practical and
commercial uses of quantum cryptography, a reasonable cost and availability of the
required resources is nonexistent. Since much of quantum cryptography is still in the
developmental stages, many of the resources available to scientists and researchers are
not available generally. The network and equipment required for the quantum key
distribution, as well as the photon detector costs more than a business would typically
want to pay to add more security to the company (Sergienko, 2006). Once the
accessibility and the cost of the technology associated with quantum cryptography reach
a more affordable level, then wide spread implementation of quantum cryptography is
inevitable.
Private and Public Key Cryptography
In order to understand the role of mathematics in cryptography as a whole, one
should first attempt to understand how mathematics is used in the individual methods. An
important distinction to realize is the difference between private and public key
cryptography, but first one must consider the nature of a key itself and its purpose.
CRYPTOGRAPHY 11
A key is a piece of information that enables the sender of a message to encrypt the
message and the receiver of a message to decrypt the message (Hoffstein, Pipher, &
Silverman, 2008). For example, consider the Caesar cipher mentioned previously. This
particular cipher shifts each letter to the right by 23. Thus, the encryption key is 23.
However, the decryption key is less obvious than the encryption key in this example.
Remember in the previous discussion that shifting each letter of the alphabet to the right
by 23 is equivalent to shifting each letter over to the left by 3 taking in to consideration
the fact that there are 26 letters in the English alphabet. In order to return to the original
letters one can simply shift each letter in the encrypted message to the right 3 more times.
Therefore, the decryption key is 3. In most situations, the receiver needs to know only the
decryption key.
Private key encryption involves the use of one key. This key is both the
encryption and decryption key. Hence, the sender and receiver both need knowledge of
the same key. Private key encryption is a relatively simple process as only one key is
required for both encryption and decryption (Hoffstein, Pipher, & Silverman, 2008). In a
perfect world, private key cryptography is sufficient to protect important information.
However, most senders must worry about possible interference of their message. If the
secret key landed in the hands of an adversary, then he or she could steal or alter
confidential information with little effort. Even though private key encryption is simple
in theory, in actuality it brings many security threats that make the method not secure.
Public key encryption, a much safer alternative to private key encryption,
incorporates the use of two keys: one public key and one private key. The public key
functions as the encryption key which means that any individual can use the public key to
CRYPTOGRAPHY 12
encrypt a message, but only the owner of the private key, or the decryption key, can
decrypt the encoded messages (Wang, Xu, & Wang, 2016). Although public key
cryptography is more secure than private key cryptography, the method still involves
several weaknesses, so the process of storing the secret key must be secure.
As in the case of public key cryptography, if an adversary discovers the private
key, then he or she can also decrypt any encoded messages. As a result, many seek to
improve the means in which they exchange the secret key using prime numbers, elliptic
curves, and other more complex methods (Katz & Lindell, 2015). Another issue with
public key cryptography involves the public key, itself. The public key does not need to
be a secret key and will be published publicly. A third party, however, can intercept the
releasing of the public key and alter it. This third party can also create a unique private
key and decrypt any messages. In order to not raise any suspicions, the messages must
also continually be intercepted, decrypted, and then encrypted once again using the fake
public key.
Although this interception process certainly is possible, the more difficult the
encryption/decryption process, the harder for an adversary to pull off such a trick. Some
common examples of public key cryptography are the Diffie-Hellman key exchange and
the ElGamal key generator. Both encryption systems involve the use of prime numbers
and use the difficulty of factoring large primes to ensure more security (Katz & Lindell,
2015). Both processes will be discussed in detail later; however, one must first
understand some fundamental mathematical concepts.
Finite Fields
CRYPTOGRAPHY 13
Let 𝑆 be a set and 𝑆 × 𝑆 be the set of ordered pairs (𝑠, 𝑡) such that 𝑠, 𝑡 are
elements of 𝑆. A binary operation, ∗ , maps 𝑆 × 𝑆 → 𝑆. Note that the image of (𝑠, 𝑡) in
𝑆 × 𝑆 must also be an element in 𝑆. A group is a set 𝐺 such that the following properties
hold:
1. Associativity: For any 𝑎, 𝑏, 𝑐 𝜖 𝐺, 𝑎 ∗ (𝑏 ∗ 𝑐) = (𝑎 ∗ 𝑏) ∗ 𝑐.
2. Identity: For any 𝑎 𝜖 𝐺, there exists an element e such that 𝑎 ∗ 𝑒 = 𝑒 ∗ 𝑎 = 𝑎
3. Inverse: For any 𝑎 𝜖 𝐺, there exists an inverse element 𝑎−1 such that 𝑎 + 𝑎−1 =
𝑎−1 + 𝑎 = 𝑒.
The group is called an abelian group if the following property also holds:
4. Commutativity: For any 𝑎, 𝑏 𝜖 𝐺 , a ⁎ b = b ⁎ a.
A ring is a set 𝑅 with two binary operations + and ∙ that satisfy the following:
1. 𝑅 is an abelian group with respect to +.
2. The binary operation ∙ is associative.
3. The distributive property holds. Hence, for any 𝑎, 𝑏, 𝑐 𝜖 𝑅, 𝑎 ∙ ( 𝑏 + 𝑐 ) = 𝑎 ∙
𝑏 + 𝑎 ∙ 𝑐.
A ring is called a field if in addition the following also hold:
4. The binary operation ∙ is commutative.
5. The non-zero elements of 𝑅 form a group under ∙ .
A finite field is simply a field that contains finitely many elements. The finite field 𝔽𝑝 is
the finite field containing all the elements mod 𝑝 (Mullen & Panario, 2013; Cohen, Frey,
Avanzi, 2006).
Key Exchanges over Finite Fields
CRYPTOGRAPHY 14
The finite field 𝔽𝑝 provides many important applications to the realm of
cryptography. Perhaps one of the most relevant is the discrete logarithm problem. Note
that a primitive root is an element 𝑔 in 𝔽𝑝where the powers of 𝑔 generate the entire group
of 𝔽𝑝. The discrete logarithm problem is the difficulty of finding some 𝑥𝜖𝔽𝑝 such that
𝑔𝑥 = ℎ (𝑚𝑜𝑑 𝑝), where 𝑔 is a primitive root and h is any non-zero integer in 𝔽𝑝. The
discrete logarithm can be written as 𝑥 = log𝑔 ℎ. Note that ℎ = 𝑔 ∙ 𝑔 ∙ … ∙ 𝑔 (𝑚𝑜𝑑 𝑝)
for 𝑥 multiplications of 𝑔. Essentially, in order to find log𝑔 ℎ one must find how many
times g must be multiplied by itself in order to get ℎ (Hoffstein, Pipher, & Silverman,
2008).
An obvious way to compute the discrete logarithm is by testing out powers of 𝑔
one by one until some power 𝑖 such that 𝑔𝑖 = ℎ (𝑚𝑜𝑑 𝑝). For example, to find an 𝑎 such
that 2𝑥 = 7(𝑚𝑜𝑑 11), test the powers of 2, 20, 21, . . . 27, and eventually find that 27 =
7 (𝑚𝑜𝑑 11). However, this method becomes extremely difficult for any large prime
number. Both the Diffie-Hellman key exchange and the ElGamal key generator base their
computations on the difficulties surrounding the discrete logarithm (Katz & Lindell,
2015).
The Diffie-Hellman Key Exchange
Suppose two people, Alice and Bob, want to share a secret key, but Eve, an
outside adversary, can intercept any exchange between the two. By using the difficulty of
the discrete log problem to their advantage and the steps of the Diffie-Hellman key
exchange, Alice and Bob can avoid Eve’s obtaining of their key.
CRYPTOGRAPHY 15
Alice and Bob must first agree on some large prime p and a nonzero integer, g in
𝔽𝑝 which is available to the public, even to Eve. However, Alice also secretly chooses an
integer 𝑎 which she uses to calculate 𝐴 = 𝑔𝑎(𝑚𝑜𝑑 𝑝). Meanwhile, Bob also chooses a
secret integer b and calculates 𝐵 = 𝑔𝑏(𝑚𝑜𝑑 𝑝). Alice then sends 𝐴 to Bob, while Bob
sends 𝐵 to Alice. Alice takes 𝐵 and computes 𝐵𝑎, and Bob takes A and computes 𝐴𝑏.
Since 𝐵𝑎 = 𝐴𝑏 = 𝑔𝑎𝑏(𝑚𝑜𝑑 𝑝), both Alice and Bob receive the key, 𝑔𝑎𝑏(𝑚𝑜𝑑 𝑝)
without Eve also receiving the key (Katz & Lindell, 2015).
For example, assume Alice and Bob pick the prime number 𝑝 = 167 and 𝑔 = 2.
So, Alice takes 𝑝 and 𝑔 and computes 𝐴, using her secret number 𝑎 = 23 which only she
knows. Bob also takes 𝑝 and 𝑔 and computes 𝐵, using his secret number 𝑏 = 55 which
only Bob knows. So, 𝐴 = 223 ≡ 31(𝑚𝑜𝑑 167) and 𝐵 = 255 ≡ 50(𝑚𝑜𝑑 167). Alice
then sends Bob 𝐴 = 31 and Bob sends Alice 𝐵 = 50. With this new information, Alice
computes 𝐵𝑎 and Bob computes 𝐴𝑏 such that 𝐵𝑎 = 5021 ≡ 150 (𝑚𝑜𝑑 167) and 𝐴𝑏 =
3155 ≡ 150 (𝑚𝑜𝑑 167). Hence, both Alice and Bob obtain the key, 𝑘 = 150, without
anyone else also receiving the key. Note that an adversary, Eve, can obtain the values of
𝐴 and 𝐵, but neither Eve nor Bob knows the value of 𝑎, and neither Eve nor Alice knows
the value of 𝑏. This mean Eve would have to solve 2𝑎 ≡ 31 (𝑚𝑜𝑑 167) and 2𝑏 ≡
50 (𝑚𝑜𝑑 167) in order to find the values of 𝑎 and 𝑏, which becomes extremely difficult,
especially in a real life situation where the numbers are significantly larger.
The ElGamal Key Generator
ElGamal public key encryption closely resembles the Diffie-Hellman public key
exchange and also involves the discrete logarithm problem. The differences between the
CRYPTOGRAPHY 16
Diffie-Hellman and the ElGamal approach stem mostly from the calculation involved
with producing the shared key.
Say Alice chooses a prime number 𝑝 and a primitive root modulo 𝑝, 𝑔. She then
computes her public key by raising g to her private key, 𝑎. So, 𝐴 = 𝑔𝑎(𝑚𝑜𝑑 𝑝). Alice
then publishes this information so that anyone can encrypt a message using her public
key, but only Alice can decrypt the message using her private key. If Bob wants to send a
message 𝑚 to Alice, he must choose a random key 𝑘, which is called the ephemeral key,
and compute 𝐵1 = 𝑔𝑘(𝑚𝑜𝑑 𝑝) and 𝐵2 = 𝑚 ∙ 𝐴𝑘 = 𝑚 ∙ 𝑔𝑎𝑘(𝑚𝑜𝑑 𝑝). Bob sends Alice
both 𝐵1 and 𝐵2as a pair (𝐵1, 𝐵2) (Hoffstein, Pipher, & Silverman, 2008).
In order for Alice to decrypt the message, she must use her private key, a. Alice
begins by calculating 𝑥 = 𝐵1𝑎 = 𝑔𝑎𝑘(𝑚𝑜𝑑 𝑝). Then, she finds 𝑥−1 = 𝑏 (𝑚𝑜𝑑 𝑝) and
computes 𝐵2 ∙ 𝑥−1 = 𝑚 ∙ 𝑥 ∙ 𝑥−1 = 𝑚. Hence, Alice decrypts the encrypted message to
obtain the original message 𝑚 (Hoffstein. Pipher, & Silverman, 2008).
As an example, let Alice choose 𝑝 = 179 and 𝑔 = 2. She then chooses her
private key, 𝑎 = 63 and computes 𝐴 = 263 ≡ 63(𝑚𝑜𝑑 179). She then releases 𝑝, 𝑔, and
𝐴 to the public. Now, suppose Bob wants to send Alice a message 𝑚 = 123, so he picks
a random integer 𝑘 = 131 and computes 𝐵1 = 2131 ≡ 35(𝑚𝑜𝑑 179) and 𝐵2 = 123 ∙
62131 = 74(𝑚𝑜𝑑 179). Bob then sends Alice the pair (35,74). Once Alice receives the
pair, she calculates 𝑥 = 3563 ≡ 69(𝑚𝑜𝑑 179) and 𝑥−1 = 96(𝑚𝑜𝑑 179). By using 𝐵2
Alice can decrypt the encrypted message to find the original message 𝑚. Alice computes
𝐵2 ∙ 𝑥−1 = 74 ∙ 96 ≡ 123(𝑚𝑜𝑑 179). Hence, Alice successfully decrypts the message,
𝑚 = 123, sent to her by Bob.
CRYPTOGRAPHY 17
Consider the issues with public key cryptography discussed earlier. Both the
Diffie-Hellman key exchange and the ElGamal key generator help combat these issues;
however, the issues do not disappear completely. In the case of the Diffie-Hellman key
exchange, if Eve wants to obtain the private key shared by Alice and Bob, she needs both
Alice’s secret integer 𝑎 and Bob’s secret integer 𝑏. Notice the difficulty in Eve obtaining
both 𝑎 and 𝑏 since neither Alice nor Bob know both 𝑎 and 𝑏 (Katz & Lindell, 2015).
Also, in the example for Diffie-Hellman, the prime number chosen is 167, but in real life
examples, the prime number chosen are extremely large making the computations for Eve
even more difficult. Nonetheless, large primes also make the computations difficult for
Alice and Bob as well.
Regarding the ElGamal key generator, for Eve to decipher a message m, she not
only deals with the repercussions of the discrete logarithm problem but also with the
difficulty of modular inverses. Alice may still have a difficult time computing the
modular inverse of 𝑥 even though she also has her secret key, 𝑎. Eve, without both Alice
and Bob’s secret keys, faces the daunting task of finding the correct exponent of 𝑔 in
addition to then calculating the modular inverse of an exceedingly large number
(Hoffstein. Pipher, & Silverman, 2008). Notice also that the message 𝑚 is a numerical
value, so for longer messages the difficulty of the computations increases.
Elliptic Curves
The use of elliptic curves in cryptography greatly improved the security of
encryption ciphers, but what exactly is an elliptic curve? An elliptic curve over 𝔽𝑝 is the
set of solutions to an equation of the form 𝑥3 + 𝑎𝑥 + 𝑏 where 𝑎, 𝑏 are elements of 𝔽𝑝 and
4𝑎3 + 27𝑏2 ≠ 0. The form 𝑥3 + 𝑎𝑥 + 𝑏 of an elliptic curve is known as the Weierstrass
CRYPTOGRAPHY 18
form named after the German mathematician who discovered the form, Karl Weierstrass.
The condition 4𝑎3 + 27𝑏2 ≠ 0 is also known as the discriminant of an elliptic curve
(Silverman, 2009).
An important attribute of elliptic curves is addition over the curve. The binary
operation ⊕ is called elliptic curve addition. Graphically, given two points 𝑃 and 𝑄 on
an elliptic curve 𝐸, we obtain 𝑃 ⊕𝑄 by connecting a line 𝐿 from 𝑃 to 𝑄 and finding the
third intersection point labeled as 𝑅. By reflecting 𝑅 across the 𝑥-axis, one obtains −𝑅
for which 𝑃 ⊕𝑄 = −𝑅. Also, call 𝑂 the point at infinity, the identity for 𝐸, and say it
exists at every vertical line (Hoffstein, Pipher, & Silverman, 2008).
Given an elliptic curve 𝐸 over 𝔽𝑝 the following properties are also true:
1. Identity: 𝑃⊕𝑂 = 𝑂⊕ 𝑃 = 𝑃 for all 𝑃 in 𝐸(𝔽𝑝).
2. Inverse: 𝑃 ⊕ (−𝑃) = 𝑂 for all 𝑃 in 𝐸(𝔽𝑝).
3. Associativity: (𝑃 ⊕ 𝑄)⊕𝑅 = 𝑃⊕ (𝑄 ⊕ 𝑅) for all 𝑃, 𝑄, 𝑅 in 𝐸(𝔽𝑝).
4. Commutativity: 𝑃 ⊕𝑄 = 𝑄 ⊕𝑃 for all 𝑃, 𝑄 in 𝐸(𝔽𝑝).
Based on the previous definition of an abelian group, one can see that 𝐸 is an
abelian group under elliptic curve addition. However, computing ⊕ graphically becomes
𝑃 𝑄
−𝑅
𝑅 = 𝑃⊕𝑄
Elliptic Curve Addition
CRYPTOGRAPHY 19
difficult and impractical when dealing with many additions. Thus, one can also use an
elliptic curve addition algorithm (Hoffstein, Pipher, & Silverman, 2008).
Given an elliptic curve 𝐸: 𝑦2 = 𝑥3 + 𝑎𝑥 + 𝑏 over 𝔽𝑝 and two points 𝑃1, 𝑃2 ϵ
𝐸(𝔽𝑝),
1. If 𝑃1 = 𝑂, then 𝑃1⊕𝑃2 = 𝑃2.
2. If 𝑃2 = 𝑂, then 𝑃1⊕𝑃2 = 𝑃1.
3. Else, let 𝑃1 = (𝑥1, 𝑦1) and 𝑃2 = (𝑥2, 𝑦2).
4. If 𝑥1 = 𝑥2and 𝑦1 = −𝑦2, then 𝑃1⊕𝑃2 = 𝑂.
5. Else, define λ as
𝜆 =
{
𝑦2 − 𝑦1𝑥2 − 𝑥1
𝑖𝑓 𝑃1 ≠ 𝑃2
3𝑥1+𝑎2
2𝑦_1 𝑖𝑓 𝑃1 = 𝑃2
where 𝑥3 = 𝜆2 − 𝑥1 − 𝑥2 and 𝑦3 = 𝜆(𝑥1 − 𝑥3) − 𝑦1. Thus, 𝑃1⊕𝑃2 = (𝑥3, 𝑦3). For
example: Let 𝐸(𝔽23): 𝑦2 = 𝑥3 + 𝑥 + 1, 𝑃1 = (1,16), and 𝑃2 = (11,20). Since 𝑃1 ≠ 𝑃2,
𝜆 =20−16≡4
11−1≡10 = 4 ∙ 10−1 = 4 ∙ 7 ≡ 5(𝑚𝑜𝑑 23). Then use λ to compute 𝑥3 and 𝑦3
where 𝑥3 = 52– 1– 11 = 13(𝑚𝑜𝑑 23) and 𝑦3 = 5(1 − 13) − 16 = 16(𝑚𝑜𝑑 23). Thus,
𝑃1⊕𝑃2 = (13,16).
Recall that a Weierstrass equation of an elliptic curve is an equation of the form
𝑦2 = 𝑥3 + 𝑎𝑥 + 𝑏. However, this form is not defined for 𝔽2 or 𝔽3, so one must also
consider a more general form of the Weierstrass equation suitable for all 𝔽𝑝. The long
Weierstrass form of an elliptic curve over 𝔽𝑝 is
𝐸: 𝑦2 + 𝑎1𝑥𝑦 + 𝑎2 = 𝑥3 + 𝑎32 + 𝑎4𝑥 + 𝑎5 where 𝑎1, 𝑎2, 𝑎3, 𝑎4, 𝑎5 ϵ 𝔽𝑝.
CRYPTOGRAPHY 20
The long Weiestrass form works over any 𝔽𝑝. Although, for the purposes of
cryptography, the short Weierstrass equation is sufficient (Blake, Seroussi, & Smart,
2005). In fact, there exists an isogeny between the long Weierstrass form and the short
Weierstrass form, meaning that the short Weierstrass from preserves the structure of an
long form of an elliptic curve and can be used for cryptography. Given E and E’ as two
elliptic curves over 𝔽𝑝, 𝜙: 𝐸 → 𝐸′ is an isogeny if 1) 𝑥 = 𝑢2𝑥′ + 𝑟 and 2) 𝑦 = 𝑢3𝑦′ +
𝑢2𝑠𝑥′ + 𝑡 where (𝑥, 𝑦) ∈ 𝐸, (𝑥′, 𝑦′) ∈ 𝐸′, and 𝑢, 𝑠, 𝑡, 𝑟 ∈ 𝔽𝑝 (Silverman, 2009).
Now, the fact that an elliptic curve with short Weierstrass form and an elliptic
curve with long Weierstrass form an isogeny can be proven in the following manner:
Proof. Let E’ be an elliptic curve with long Weiestrass form and E be an elliptic
curve with short Weierstrass form over 𝔽𝑝 such that,
𝐸′: (𝑦′)2 + 𝑎1𝑥′𝑦′ + 𝑎2′ = (𝑥′)3 + (𝑎3
′ )2 + 𝑎4𝑥′ + 𝑎5 and
𝐸: 𝑦2 = 𝑥3 + 𝑐1𝑥 + 𝑐2.
Beginning with E’, the first goal is to manipulate E’ in such a way that y can replace
𝑢3𝑦′ + 𝑢2𝑠𝑥′ + 𝑡 for some 𝑢, 𝑠, 𝑡 ∈ 𝔽𝑝.
(𝑦′)2 + 𝑎1𝑥′𝑦′ + 𝑎2𝑦′ = (𝑥′)3 + (𝑎3𝑥
′)2 + 𝑎4𝑥′ + 𝑎5
(𝑦′)2 + (𝑎1𝑥′ + 𝑎2)𝑦
′ +(𝑎1𝑥+𝑎2)
2
4= (𝑥′)3 + (𝑎3𝑥′)
2 + 𝑎4𝑥′ + 𝑎5 +(𝑎1𝑥+𝑎2)
2
4
(𝑦′ +𝑎1𝑥
′+𝑎2
2)2
= (𝑥′)3 + (𝑎3 +𝑎12
4) (𝑥′)2 + (𝑎4 +
2𝑎1𝑎2
4) 𝑥′ + (
𝑎22
4+ 𝑎5)
By setting 𝑦 = 𝑦′ + 𝑎1
2𝑥′ +
𝑎3
2, the equation becomes
𝑦2 = (𝑥′)3 + (4𝑎3+𝑎1
2
4) (𝑥′)2 + (
2𝑎4+𝑎1𝑎2
2) 𝑥′ +
4𝑎5+𝑎22
4.
CRYPTOGRAPHY 21
In order to simplify the equation for future calculations, set 4𝑎3 + 𝑎12 = 𝑏1, 2𝑎4 +
𝑎1𝑎2 = 𝑏2, and 4𝑎5 + 𝑎22 = 𝑏3. Thus, the equation is
𝑦2 = (𝑥′)3 +𝑏1
4(𝑥′)2 +
𝑏2
2𝑥′ +
𝑏3
4.
The next objective of the proof is to manipulate the equations further so that x can replace
𝑢2𝑥′ + 𝑟 for some 𝑢, 𝑟 ∈ 𝔽𝑝.
𝑦2 = ((𝑥′)3 +𝑏1
4(𝑥′)2 +
𝑏1
48𝑥′ +
𝑏1
1728) +
𝑏2
2𝑥′ +
𝑏3
4−
𝑏1
48𝑥′ −
𝑏1
1728
𝑦2 = (𝑥′ +𝑏1
12)3
− (𝑏12
48𝑥′ −
𝑏2
2𝑥′ +
𝑏13
576−𝑏1𝑏2
24) −
𝑏13
1728+𝑏3
4+
𝑏13
576−𝑏1𝑏2
24
𝑦2 = (𝑥′ +𝑏1
12)3
− (𝑏12−24𝑏2
48) (𝑥′ +
𝑏1
12) −
𝑏13+3𝑏1
3+432𝑏3−72𝑏1𝑏2
1728
𝑦2 = (𝑥′ +𝑏1
12)3
− (𝑏12−24𝑏2
48) (𝑥′ +
𝑏1
12) −
𝑏13−36𝑏1𝑏2+216𝑏3
864
By letting 𝑥 = 𝑥′ +𝑏1
12,
𝑦2 = 𝑥3 −𝑏12−24𝑏2
48𝑥 −
𝑏13−36𝑏1𝑏2+216𝑏3
864 .
Notice for 𝑐1 =24𝑏2−𝑏1
2
48 and 𝑐2 =
𝑏13−36𝑏1𝑏2+216𝑏3
864,
𝑦2 = 𝑥3 + 𝑐1𝑥 + 𝑐2 = 𝐸.
The substitutions 𝑦 = 𝑦′ + 𝑎1
2𝑥′ +
𝑎3
2 and 𝑥 = 𝑥′ +
𝑏1
12 follow the definition of an
isogeny where 𝑢 = 1, 𝑡 =𝑎3
2, 𝑠 =
𝑎1
2, and 𝑟 =
𝑏1
12. Thus, there exists an isogeny such that
𝜙: 𝐸 → 𝐸′ and (𝑥, 𝑦) ↦ (𝑥′ +𝑏1
12, 𝑦′ +
𝑎1
2𝑥′ +
𝑎3
2). Therefore, the structure of an elliptic
curve is preserved when using the short Weierstrass form, and this form can be used for
elliptic curve cryptography (Silverman, 2009).
CRYPTOGRAPHY 22
An important attribute of elliptic curves is the fact that the curve is non-singular
and smooth, which ensures that the curve contains unique solutions. Without the
characteristic of being non-singular, elliptic curves could not be used for cryptography.
Hence, the condition 4𝑎3 + 27𝑏2 ≠ 0, or the discriminant, assures that the curve is, in
fact, non-singular (Cohen, Frey, & Avanzi, 2006). Essentially, the discriminant of an
elliptic curve implies that there is a tangent line at every point, thus E is non-singular and
smooth. One can prove that the discriminant is 4𝑎3 + 27𝑏2 ≠ 0 in the following
manner:
Proof. Let 𝑓(𝑥, 𝑦) = 𝑦2 − 𝑥3– 𝑎𝑥 − 𝑏. Then,𝜕𝑓
𝜕𝑥 = −3𝑥2 − 𝑎 and
𝜕𝑓
𝜕𝑦= 2𝑦.
Hence, 𝜕𝑦
𝜕𝑥=
3𝑥^2 + 𝑎
2𝑦, and notice that ∇𝑓 = ⟨3𝑥2 + 𝑎, 2𝑦⟩. 𝐸 is smooth if ∇𝑓 exists and is
nonzero at ⟨𝜕𝑓
𝜕𝑥,𝜕𝑓
𝜕𝑦⟩. So, find where
𝜕𝑓
𝜕𝑥 and
𝜕𝑓
𝜕𝑦 are both equal to zero. When
𝜕𝑓
𝜕𝑥= 0, 𝑎 =
−3𝑥2 and when 𝜕𝑓
𝜕𝑦= 0, 𝑦 = 0. Thus, when 𝑎 = −3𝑥2 and 𝑦 = 0,
𝑓(𝑥, 0) = −𝑥3 − (−3𝑥2)𝑥 − 𝑏 = 2𝑥3– 𝑏.
In order to ensure that 𝐸 is non-singular, set 𝑓 = 0 and then restrict the result. Hence,
2𝑥3 − 𝑏 = 0 and thus 𝑥3 =𝑏
2. Notice that 𝑎 = 3𝑥2, so 𝑎3 = −27𝑥6 and 𝑥6 = −
𝑎3
27.
Therefore,
(𝑏
2)2
= 𝑥6 = −𝑎3
27 .
So, – 27𝑏2 = 4𝑎3 and thus 4𝑎3 + 27𝑏2 = 0.
Remember that in order for 𝐸 to be non-singular, one must restrict the values 𝑎 and 𝑏
such that 4𝑎3 + 27𝑏2 ≠ 0. Therefore, since the restriction ensures that ∇𝑓 exists and is
nonzero at every point of the curve, the discriminant of an elliptic curve implies that there
CRYPTOGRAPHY 23
is a tangent line at every point; thus, E is non-singular and smooth. Now, one can
properly understand the cryptographic applications of elliptic curves.
A similar discrete logarithm problem occurs with elliptic curves. However, the
discrete logarithm problem for elliptic curves involves elliptic curve addition instead of
multiplication. Thus, the elliptic curve discrete logarithm problem is the problem of
finding some 𝑛 such that 𝑄 = 𝑃 ⊕ 𝑃⊕. . .⊕ 𝑃 where 𝑃 is added to itself 𝑛 times
(Cohen, Frey, & Avanzi, 2006). Formally, Given an elliptic curve over 𝔽𝑝 and points 𝑃,
𝑄 in 𝔽𝑝, the elliptic curve discrete logarithm problem is the problem of finding an 𝑛 such
that 𝑄 = 𝑛𝑃, where one writes 𝑛 = log𝑃 𝑄. Next, consider how the elliptic curve discrete
logarithm problem changes the approach to the Diffie-Hellman key exchange and the
ElGamal key generator.
Diffie-Hellman Elliptic Curve Key Exchange
Elliptic curves can also be used to exchange keys using the Diffie-Hellman key
exchange. However, instead of choosing a prime number 𝑝 and a nonzero integer 𝑔 in
𝔽𝑝, Alice and Bob must choose 𝑝, an elliptic curve over a finite field 𝐸(𝔽𝑝), and a point
𝑃 in 𝐸(𝔽𝑝) (Cohen, Frey, & Avanzi, 2006). Note that the Diffie-Hellman key exchange
with elliptic curves uses elliptic curve addition, not multiplication as in the key exchange
for 𝔽𝑝.
After Alice and Bob agree on 𝐸(𝔽𝑝) and 𝑃, Alice picks a secret integer 𝑎 and she
computes 𝑄𝑎 = 𝑎𝑃. Meanwhile, Bob picks a secret integer 𝑏 and computes 𝑄𝑏 = 𝑏𝑃.
Alice then sends 𝑄𝑎 to Bob, and Bob sends 𝑄𝑏 to Alice. Both Alice and Bob use their
CRYPTOGRAPHY 24
respective secret integers 𝑎 and 𝑏 to compute 𝑎𝑄𝑏 = 𝑎𝑏𝑃 = 𝑏𝑄𝑎, which becomes a
secret key shared by Alice and Bob (Cohen, Frey, & Avanzi, 2006).
Specifically, say Alice and Bob agree on 𝐸(𝔽3023): 𝑦2 = 𝑥3 + 𝑥 + 2547 and 𝑃 =
(2237,2480) where 𝑃𝜖𝐸(𝔽3023). Alice then chooses a secret integer 𝑎 = 2313 and
calculates 𝑄𝑎 = 2313𝑃 = (934, 29). Meanwhile, Bob also chooses a secret integer 𝑏 =
1236 and calculates 𝑄𝑏 = 1236𝑃 = (1713,1709). Then, Alice sends 𝑄𝑎 to Bob, and
Bob sends 𝑄𝑏 to Alice. By using their respective secret integers, 𝑎 = 2313 and 𝑏 =
1236, both Alice and Bob obtain the secret key 2313𝑄𝑏 = 1236𝑄𝑎 = (2537,1632).
Even though both the Diffie-Hellman key exchange over 𝔽𝑝 and 𝐸(𝔽𝑝) involve
similar processes, the recommended key size for the elliptic Diffie-Hellman key
exchange is significantly smaller than that for the key exchange over 𝔽𝑝. According to
NIST, a 3072-bit key or larger is recommended for the Diffie-Hellman key exchange
over 𝔽𝑝, while only a 384-bit is recommended for the elliptic Diffie-Hellman key
exchange (Barker, 2016). Thus, the Diffie-Hellman elliptic curve key exchange can
provide sufficient security with a significantly smaller key than the Diffie-Hellman key
exchange over finite fields.
The ElGamal Elliptic Curve Key Generator
Elliptic curves also provide application to ElGamal cryptosystems. Alice chooses
a prime number 𝑝, an elliptic curve 𝐸(𝔽𝑝), and a point 𝑃 in 𝐸(𝔽𝑝). After she chooses a
secret key 𝑎, she then computes 𝑄𝑎 = 𝑎𝑃 and publishes 𝑄𝑎, along with 𝑝, 𝐸(𝔽𝑝), and 𝑃.
Now, if Bob wants to send a message 𝑀 in 𝐸(𝔽𝑝) to Alice, he chooses a random integer
CRYPTOGRAPHY 25
𝑘 to be his ephemeral key and then computes 𝐵1 = 𝑘𝑃 and 𝐵2 = 𝑀⊕ 𝑘𝑄𝑎. Bob sends
(𝐵1, 𝐵2) to Alice. Alice then takes the pair from Bob and using her secret key a computes
𝐵2 − 𝑎𝐵1 = (𝑀⊕ 𝑘𝑄𝑎) − 𝑎𝑘𝑃 = 𝑀⊕ 𝑎𝑘𝑃⊕−𝑎𝑘𝑃 = 𝑀.
Thus, Alice receives the original message 𝑀 (Hoffstein, Pipher, & Silverman, 2008).
Now, suppose Alice chose 𝑝 = 3023, 𝐸(𝔽3023): 𝑦2 = 𝑥^3 + 𝑥 + 2547, and
𝑃 = (2237,2430). Alice chooses a secret key 𝑎 = 2313, and computes 𝑄𝑎 = 2313𝑃 =
(934,29) which Alice makes available to the public along with 𝑝,𝐸(𝔽3023), and 𝑃. Bob
decides that he wants to send Alice a message 𝑀 = (2181,4000) in 𝐸(𝔽3023), so he
chooses a random integer 𝑘 = 1236 and calculates 𝐵1 = 1236𝑝 = (1713,1709) and
𝐵2 = (2181,400) ⊕ 1236𝑄𝑎 = (2181,400)⊕ (2537,1632) = (2720, 452). Bob
sends Alice (𝐵1, 𝐵2) where 𝐵1 = (1713, 1709) and 𝐵2 = (2720, 452). Alice receives
(𝐵1, 𝐵2) and uses her secret key a to obtain the original message 𝑀.
𝐵2 − 𝑎𝐵1 = (2720, 452) ⊕ −2313𝐵1 = (2720, 452)⊕ (2537,−16) = (2181, 400)
Since (2181, 400) = 𝑀, Alice obtains the original message.
Advantages and Disadvantages of Elliptic Curve Cryptography
After looking at the application of elliptic curves to the Diffie-Hellman key
exchange and the ElGamal key exchange, the efficiency of elliptic curves in securing
private information is apparent. Elliptic curves add a unique layer to cryptography and
elliptic curve addition provides a way to apply methods in 𝔽𝑝 to 𝐸(𝔽𝑝) instead (Xiong,
Qin, & Vasilakos, 2017). Though the general public may be unaware of elliptic curves
and their applications, their importance to cryptography is apparent just with their
addition to public key exchanges.
CRYPTOGRAPHY 26
However, even elliptic curve cryptography faces several disadvantages. First of
all, the computations with elliptic curve cryptography involve more complex
mathematics. While the computations surrounding public key cryptography over finite
fields make sense even without a full understanding of the mathematics behind the
system, understanding the process of elliptic curve cryptography and the addition process
comes less from common knowledge and more from extensive research (Silverman,
2009). Elliptic curve addition adds multiple steps to the encryption and decryption
process, so the likelihood of implementation errors increases. Also, elliptic curve addition
significantly increases the key size compared to basic multiplication making the
computations even more difficult.
Quantum Mechanics
Even with the mathematical advancements thus far, security breaches still exist as
none of the cryptographical methods are unbreakable. However, the quantum realm
offers a unique perspective on cryptography and multiple other areas of study (Sergienko,
2006). Before diving into the complexities of quantum cryptography, one should seek
understanding of the laws associated with the quantum realm.
Quantum mechanics describes the actions of atoms and subatomic particles.
When looking at the nature of the quantum realm, one must understand that particles act
according to a completely different set of rules than the visible world (Griffiths, 2006).
Consider a car driving down a road; one can easily find the position of the car at a certain
time, as well as the velocity and mass by taking basic measurements. Quantum particles,
however, do not act according to classic physics.
CRYPTOGRAPHY 27
German physicist, Werner Heisenberg, studied the nature of particles and
discovered a key component of quantum particles: the momentum and position of a
particle cannot be known with full certainty. The uncertainty principle states that the
inaccuracy of the position of a particle multiplied by the inaccuracy of the momentum of
a particle must be larger than ℎ
4𝜋, where ℎ is Planck’s constant (Griffiths, 2006).
Essentially, the uncertainty principle says the more one knows about the position of a
particle, the less he or she knows about the momentum and vice versa. Even the very act
measuring a quantum system disturbs the system, itself. Thus, one cannot know the
precision of the position and momentum of a particle with absolute certainty.
Mathematically, the uncertainty principle says 𝛥𝑥𝛥𝑝 >ℎ
4𝜋 where 𝑥 is the position and 𝑝
is the momentum of a particle (Griffiths, 2006).
Think of electrons circling a nucleus. Knowing that opposite charges attract, one
might think that the electrons would be attracted all the way to the positively charged
nucleus. However, the certainty of the electrons’ location close to the nucleus implies that
the uncertainty of the electrons’ momentum would be enormous. Thus, the electrons may
be moving so fast that they leave the atom entirely (Griffiths, 2006; Horodecki, 2010).
Remember the example of the car driving down a road. The observability of the position
and momentum of the car makes it hard to believe that the particles which make up the
car are acting in a manner contrary to the observable car.
Particles at the subatomic level move similar to waves. An important property of
waves is that waves can be added together to produce another wave. This property can
also be applied to quantum states. Two quantum states can be added together to produce
CRYPTOGRAPHY 28
another quantum state. This idea that particles can be in two states at the same time id
called superposition. One practical example of superposition in motion is the qubit. A
classical bit, or binary digit, can only appear as one of two states, usually either 1 or 0. In
contrast, qubits can also appear as the superposition of 1 and 0 thereby existing as two
states at the same time (Sergienko, 2006).
An interesting aspect of the quantum realm is the phenomenon known as
entanglement. Entanglement occurs when the quantum state of a pair or group of particles
exist dependently upon one another (Griffiths, 2006). Entangled particles essentially
cannot be described without each other, and a correlation exists between the particles
even over a physical distance.
To understand the idea of entangled particles, picture a pair of gloves, one right-
handed glove and one left-handed glove. Now, suppose that an individual places each
glove in a box and ships them to two different locations where Person 1 waits at one
location and Person 2 waits at the other location. Once both individuals receive their
boxes, Person 1 opens his boxes to reveal a left-handed glove, so Person 2’s box must
contain a right-handed glove. Notice that the moment that Person 1 opened his box and a
left-handed glove was revealed, Person 2 could only have a right-handed glove.
Entangled particles act in the same manner, once a certain physical attribute of one
particle is revealed, the other particle(s) act in accordance (Griffiths, 2006; Horodecki,
2010). The idea of entanglement and superposition plays a crucial role in quantum
cryptography.
Quantum Cryptography
CRYPTOGRAPHY 29
Several features of quantum mechanics provide useful applications to
cryptography. A well-known application of quantum mechanics to cryptography is with
quantum key distributions. The ability to send information through quantum particles
eliminates many of the issues with the usual key distribution methods (Horodecki, 2010).
Remember the very act of measuring particles disturbs the systems leading to even more
uncertainty about the position or momentum of a particle. Hence, the moment that an
adversary attempts to eavesdrop or intercept the key exchange between two parties, they
can immediately detect a disturbance.
Most quantum key distributions use the polarization of photons in order to
exchange information. Light emitting diodes, or LEDs, enable an individual to control the
creation of the photons by making one single photon at a time. Also, a polarization filter
allows for only photons with a certain polarization to pass through the filter while
blocking all other photons from coming through (Sergienko, 2006). The difficulty with
measuring polarization is that once the photons are polarized, they cannot be measured
again without disrupting the polarization of the photons, itself, in the process. Quantum
key exchanges rely on attaching information to a photon and knowing the original
polarization of the photon (Sergienko, 2006). How can one know the original
polarization of the photon when the very act of measuring the polarization disturbs the
polarization itself?
First, one must determine which types of polarizations to use. The two most well-
known polarization bases are rectilinear and diagonal polarization, and it is important to
note that a polarization base must consist of two orthogonal states. The rectilinear basis
includes a vertical polarization of 0°, meaning the photons move in an up and down
CRYPTOGRAPHY 30
oscillating motion, and a horizontal polarization of 90°, meaning the photons move in a
side to side oscillating motion. The diagonal basis uses a polarization of 45° and 135°.
Notice that these angles are also orthogonal, so a polarization of 45° correlates to a wave-
like motion at 45°, and a polarization of 135° correlates to a wake-like motion at 135°
(Sergienko, 2006).
Rectilinear Basis: Vertical vs. Horizontal Polarization
Diagonal Basis: 45° vs. 135° Polarization
The first quantum cryptography protocol, known as BB84, uses two orthogonal
states, usually the rectilinear basis and the diagonal basis. The protocol then assigns a 0
bit to both 0° and 45° and a 1 bit to both 90° and 135° (Sergienko, 2006). Also, the
rectilinear basis is labeled by the symbol + and the diagonal basis is labeled by the
CRYPTOGRAPHY 31
symbol ×.
To better understand the steps of the quantum key exchange, suppose Alice and
Bob want to share a message through some quantum communication channel, likely an
optical fibre or a vacuum, and any adversary, Eve, can try any approach to mess up the
communication within the quantum channel. Also, Alice decides to use the rectilinear
basis and the diagonal basis as her orthogonal bases. She starts by randomly choosing a 0
or 1 bit and then randomly choosing a basis as well. Say Alice randomly chooses a 1 bit
and the diagonal basis. She then transmits a photon to Bob in the horizontal state
according to the diagonal basis at 135° (Horodecki, 2010).
Bob receives the photon and randomly chooses either a rectilinear or diagonal
filter to measure the photon assuming that Bob is unaware of what basis Alice used to
polarize the photons. When Bob finishes measuring the photons sent by Alice, he
communicates to Alice. Alice and Bob then discuss over the channel where Bob says the
basis he used to measure each photon and Alice says whether Bob is correct or incorrect
in lining up with how she polarized the photons. They both discard the bits where Bob
used a different basis and thus, the key is the remaining bits (Horodecki, 2010).
Specifically, say Alice and Bob decide to use the quantum key exchange with the
rectilinear and diagonal bases. Alice sends eight photons randomly using the method
0 1
+
×
CRYPTOGRAPHY 32
described above, and Bob measures the photons he receives randomly. They receive the
following information after discussing through a quantum communication channel.
Alice’s Bit 0 0 1 0 1 1 1 0
Alice’s Random
Basis
+ × × + + + × +
Alice’s Angle 0° 45° 135° 0° 90° 90° 135° 0°
Bob’s Random
Measurement
+ + × × + × + +
Bob’s Angle 0° 90° 135° 45° 90° 135° 90° 0°
Matches X X X X
Shared Key 0 1 1 0
So, Alice and Bob both receive the shared secret key 0110. Also, notice that for the
photon polarizations where the basis does not line up, the photon detector randomly
chooses between vertical and horizontal polarization (Sergienko, 2006).
Conclusion
After looking through the different techniques of cryptography, one clearly sees
how mathematics has impacted the realm of cryptography. However, as mathematics
evolves and the level of security grows with each newly implemented cryptographical
method, adversaries also grow in knowledge and understanding of the underlying process
of security. Thus, just as mathematics is always evolving, the application of mathematics
to cyber security must also be growing. Each cryptographical method discussed, contains
advantages and disadvantages concerning its respective encoding and decoding
processes. Public key cryptography of a finite field proves the simplest to calculate and
understand but requires a larger key size in order to reach the level of security of elliptic
curve cryptography. Although elliptic curve cryptography allows for a smaller key size,
the complex mathematical techniques leave room for calculation errors and confusion.
CRYPTOGRAPHY 33
Quantum cryptography seems to excel in many areas where the other methods fail.
However, the distance over which quantum cryptography can take place is still lacking.
Considering that researchers have only just scratched the surface of the quantum realm,
as time goes on and knowledge progresses, cryptographical techniques will continue to
advance.
CRYPTOGRAPHY 34
References
Barker, E.(2016). Recommendation for key management part 1. NIST Special
Publication. doi:10.6028/nist.sp.800-57pt1r4
Blake, I. F., Seroussi, G., & Smart, N. P. (2005). Advances in elliptic curve
cryptography. New York: Cambridge University Press.
Budiansky, S. (2016). Code warriors: NSA's codebreakers and the secret intelligence
war against the Soviet Union. New York: Vintage Books.
Chen, N. (2017). China' s quantum satellite establishes photon entanglement over 1,200
km. Retrieved from http://english.cas.cn/newsroom/news/
201706/t20170619_178279.shtml.
Cohen, H., Frey, G., & Avanzi, R. (2006;2005;). Handbook of elliptic and hyperelliptic
curve cryptography (1st ed.). Boca Raton, FL: Chapman & Hall/CRC.
Dooley, J. F. (2018). History of cryptography and cryptanalysis: codes, ciphers, and
their algorithms. Cham: Springer Nature.
Griffiths, D. (2006). Introduction to quantum mechanics (Second edition.). Upper Saddle
River, NJ: Pearson Prentice Hall.
Hoffstein, J., Pipher, J., & Silverman, J. H. (2008). Introduction to mathematical
cryptography. New York: Springer-Verlag New York.
Horodecki, R. (2010). Quantum cryptography and computing: theory and
implementation. IOS Press.
Katz, J., & Lindell, Y. (2015). Introduction to modern cryptography (Second ed.).
London: CRC.
CRYPTOGRAPHY 35
Middleton, B. (2017). A history of cyber security attacks: 1980 to present (1st ed.).
Philadelphia: CRC.
Mollin, R. A. (2003). RSA and public-key cryptography (1st ed.). Boca Raton, FL:
Chapman & Hall/CRC.
Mullen, G., & Panario, D. (2013). Handbook of finite fields. Boca Raton, FL: CRC.
National Security Agency: central security service defending our nation. (2015).
Retrieved from https://apps.nsa.gov/iaarchive/ programs /iad-binitiatives/cnsa-
suite.cfm
Sergienko, A. V. (2006). Quantum communications and cryptography (1st ed.). Boca
Raton, FL: Taylor & Francis.
Silverman, J. H. (2009). The arithmetic of elliptic curves (Second ed.). New York:
Springer-Verlag.10.1007/978-0-387-09494-6.
Wang, X., Xu, G., Wang, M., & Meng, X. (2016). Mathematical foundations of public
key cryptography (1st ed.). Boca Raton, FL: CRC.
Washington, L. C. (2003). Elliptic curves: number theory and cryptography. Boca
Raton, FL: Chapman & Hall/CRC.
Xiong, H., Qin, Z., & Vasilakos, A. (2017). Introduction to certificateless cryptography.
Boca Raton, FL: CRC/Taylor & Francis.
Yan, S. Y., & Springer Science+Business Media. (2008). Cryptanalytic attacks on RSA.
New York: Springer.